CVE-2022-45085

Server-Side Request Forgery SSRF vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery. This issue affects Smartpower Web: before 23.01.01...

CVE-2022-45090

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01...

CVE-2022-45091

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting XSS.This issue affects Smartpower Web: before 23.01.01...

CVE-2022-45086

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting XSS. This issue affects Smartpower Web: before 23.01.01...

CVE-2022-45090

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01...

CVE-2022-45091

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting XSS. This issue affects Smartpower Web: before 23.01.01...

CVE-2022-45086

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting XSS. This issue affects Smartpower Web: before 23.01.01...

Input validation

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01...

Input validation

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01...

Input validation

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting XSS.This issue affects Smartpower Web: before 23.01.01...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting XSS. This issue affects Smartpower Web: before 23.01.01...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01...

CVE-2022-4557

CVE-2022-4557 affects Smartpower Web (Group Arge Energy and Control Systems). The vulnerability is an SQL Injection caused by improper neutralization of special elements in SQL commands within Smartpower Web prior to version 23.01.01. Reported impact is high across confidentiality, integrity, and...

CVE-2022-4557 SQL Injection in Smartpower Web

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01...

Johnson Controls System Configuration Tool (SCT)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: System Configuration Tool Vulnerabilities: Sensitive Cookie Without ‘HttpOnly’ Flag, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 2. RISK EVALUATION Successful exploitation of...

CVE-2022-45091

CVE-2022-45091 affects Grup Arge Energy and Control Systems Smartpower Web; the issue is an improper neutralization of user input during web page generation, enabling Cross-site Scripting (XSS). Affected version is Smartpower Web before 23.01.01. Mitigation: upgrade to version 23.01.01 or later (...

CVE-2022-45091 Cross-site Scripting in Smartpower Web

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting XSS. This issue affects Smartpower Web: before 23.01.01...

CVE-2022-45090

The CVE-2022-45090 entry concerns an Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web, enabling SQL Injection. Multiple sources (Red Hat, NVD, CNNVD/CVE record) describe that Smartpower Web versions before 23.01.01 are affected due to insufficient in...